[Server] Fix bug

author: syuilo <syuilotan@yahoo.co.jp> 2017-02-12 06:39:37 +0900
committer: syuilo <syuilotan@yahoo.co.jp> 2017-02-12 06:39:37 +0900
commit: e0703e0a502f0d067cc15c223e9ffd43f89c0403 (patch)
tree: 159a04c2d9cb407ccae8a1dd238d5123d082ed90 /src/api
parent: [Server] :v: (diff)
download: sharkey-e0703e0a502f0d067cc15c223e9ffd43f89c0403.tar.gz
sharkey-e0703e0a502f0d067cc15c223e9ffd43f89c0403.tar.bz2
sharkey-e0703e0a502f0d067cc15c223e9ffd43f89c0403.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/api/service/github.ts b/src/api/service/github.ts
index 00241987ab..2b70675010 100644
--- a/src/api/service/github.ts
+++ b/src/api/service/github.ts
@@ -1,5 +1,6 @@
 import * as EventEmitter from 'events';
 import * as express from 'express';
+const crypto = require('crypto');
 import User from '../models/user';
 import config from '../../conf';
 
@@ -20,7 +21,7 @@ module.exports = async (app: express.Application) => {
 	const handler = new EventEmitter();
 
 	app.post('/hooks/github', (req, res, next) => {
-		if (req.headers['x-hub-signature'] == config.github_bot.hook_secret) {
+		if ((new Buffer(req.headers['x-hub-signature'])).equals(new Buffer('sha1=' + crypto.createHmac('sha1', config.github_bot.hook_secret).update(JSON.stringify(req.body)).digest('hex')))) {
 			handler.emit(req.headers['x-github-event'], req.body);
 		} else {
 			res.sendStatus(400);
author	syuilo <syuilotan@yahoo.co.jp>	2017-02-12 06:39:37 +0900
committer	syuilo <syuilotan@yahoo.co.jp>	2017-02-12 06:39:37 +0900
commit	e0703e0a502f0d067cc15c223e9ffd43f89c0403 (patch)
tree	159a04c2d9cb407ccae8a1dd238d5123d082ed90 /src/api
parent	[Server] :v: (diff)
download	sharkey-e0703e0a502f0d067cc15c223e9ffd43f89c0403.tar.gz sharkey-e0703e0a502f0d067cc15c223e9ffd43f89c0403.tar.bz2 sharkey-e0703e0a502f0d067cc15c223e9ffd43f89c0403.zip